Ask a Question

Error: "The certificate is invalid for Exchange Server usage" using Microsoft Exchange 2010 server

Problem

Error: "The certificate is invalid for Exchange Server usage."

Cause

This error may occur on Microsoft Exchange 2010 server, if Thawte Intermediate CA certificates are missing.

Solution

To resolve this issue with Microsoft Exchange 2010 server, perform the following steps:
 

Step 1: Obtain the Thawte Intermediate CA certificate

  1. Download Thawte Intermediate CA certificate, refer to article INFO1384
     

Step 2: Adding the Certificates Snap-in to the Microsoft Management Console (MMC):

  1. From the Web server, click Start
  2. In the Search programs and files field, type mmc
  3. From the Programs list, click mmc.exe
  4. At the permission prompt, click Yes
  5. From the Microsoft Management Console (MMC), click  File > Add/Remove Snap-in
  6. From the list of snap-ins, select Certificates
  7. Click Add
  8. Select Computer account
  9. Click Next
  10. Select Local computer (the computer this console is running on)
  11. Click Finish
  12. In the Add/Remove Snap-in window, click OK
  13. Save these console settings for future use


Step 3: Import the intermediate certificates using Microsoft Management Console (MMC)

Import the Intermediate CA Certificate using the Microsoft Management Console (MMC)

  1. Open the Microsoft Management Console (MMC) > Go to Start Run > enter MMC > select OK
  2. Select File or Console > select Add/Remove Snap-In
  3. From the Add/Remove Snap-In window select the Add button
  4. From the list, select Certificates > select Add > select Computer Account and Local Computer > select OK
  5. From the left window, select Intermediate Certification Authorities > right-click Certificates > select All Tasks > Import.  This will open the Certificate Import Wizard.
  6. Click Next
  7. Browse to the location of the intermediate certificate > select Next
  8. Select Place the certificate in the following store:  Intermediate Certification Authorities
  9. Click Finish
     

Step 4:  Assign SSL certificate to Exchange Server 2010 Services

  1. Launch the Exchange Management Console
  2. Navigate to Server Management, and select the server that has the certificate installed
  3. Right click the SSL certificate you wish to assign and choose Assign Services to Certificate
  4. Click Next to continue the wizard
  5. Choose the services you wish to assign to the certificate (e.g., Internet Message Access Protocol, Post Office Protocol, Simple Mail Transfer Protocol, Internet Information Services and Unified Messaging) and click Next
  6. Click Assign to execute the change
  7. When task has completed successfully, click Finish to close the wizard

 
Step 5:  Verify certificate installation

  1. Stop and start your Web server prior to any testing.
    Note: In some cases, the changes may not take place after restarting IIS Services and a re-boot is needed.
  2. To verify if your certificate is installed correctly, use the Thawte Installation Checker